| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 5 #ifndef SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
| 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 6 #define SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 47 // No other parameters besides the command line are | 47 // No other parameters besides the command line are |
| 48 // passed to the child process. | 48 // passed to the child process. |
| 49 PROCESS_ALL_EXEC, // Allows the creation of a process and return full | 49 PROCESS_ALL_EXEC, // Allows the creation of a process and return full |
| 50 // access on the returned handles. | 50 // access on the returned handles. |
| 51 // This flag can be used only when the main token of | 51 // This flag can be used only when the main token of |
| 52 // the sandboxed application is at least INTERACTIVE. | 52 // the sandboxed application is at least INTERACTIVE. |
| 53 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. | 53 EVENTS_ALLOW_ANY, // Allows the creation of an event with full access. |
| 54 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. | 54 EVENTS_ALLOW_READONLY, // Allows opening an even with synchronize access. |
| 55 REG_ALLOW_READONLY, // Allows readonly access to a registry key. | 55 REG_ALLOW_READONLY, // Allows readonly access to a registry key. |
| 56 REG_ALLOW_ANY, // Allows read and write access to a registry key. | 56 REG_ALLOW_ANY, // Allows read and write access to a registry key. |
| 57 FAKE_USER_GDI_INIT // Fakes user32 and gdi32 initialization. This can | 57 FAKE_USER_GDI_INIT, // Fakes user32 and gdi32 initialization. This can |
| 58 // be used to allow the DLLs to load and initialize | 58 // be used to allow the DLLs to load and initialize |
| 59 // even if the process cannot access that subsystem. | 59 // even if the process cannot access that subsystem. |
| 60 IMPLEMENT_OPM_APIS // Implements FAKE_USER_GDI_INIT and also exposes |
| 61 // IPC calls to handle Output Protection Manager |
| 62 // APIs. |
| 60 }; | 63 }; |
| 61 | 64 |
| 62 // Increments the reference count of this object. The reference count must | 65 // Increments the reference count of this object. The reference count must |
| 63 // be incremented if this interface is given to another component. | 66 // be incremented if this interface is given to another component. |
| 64 virtual void AddRef() = 0; | 67 virtual void AddRef() = 0; |
| 65 | 68 |
| 66 // Decrements the reference count of this object. When the reference count | 69 // Decrements the reference count of this object. When the reference count |
| 67 // is zero the object is automatically destroyed. | 70 // is zero the object is automatically destroyed. |
| 68 // Indicates that the caller is done with this interface. After calling | 71 // Indicates that the caller is done with this interface. After calling |
| 69 // release no other method should be called. | 72 // release no other method should be called. |
| (...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 252 const wchar_t* handle_name) = 0; | 255 const wchar_t* handle_name) = 0; |
| 253 | 256 |
| 254 // Adds a handle that will be shared with the target process. Does not take | 257 // Adds a handle that will be shared with the target process. Does not take |
| 255 // ownership of the handle. | 258 // ownership of the handle. |
| 256 virtual void AddHandleToShare(HANDLE handle) = 0; | 259 virtual void AddHandleToShare(HANDLE handle) = 0; |
| 257 | 260 |
| 258 // Locks down the default DACL of the created lockdown and initial tokens | 261 // Locks down the default DACL of the created lockdown and initial tokens |
| 259 // to restrict what other processes are allowed to access a process' kernel | 262 // to restrict what other processes are allowed to access a process' kernel |
| 260 // resources. | 263 // resources. |
| 261 virtual void SetLockdownDefaultDacl() = 0; | 264 virtual void SetLockdownDefaultDacl() = 0; |
| 265 |
| 266 // Enable OPM API redirection when in Win32k lockdown. |
| 267 virtual void SetEnableOPMRedirection() = 0; |
| 268 // Enable OPM API emulation when in Win32k lockdown. |
| 269 virtual bool GetEnableOPMRedirection() = 0; |
| 262 }; | 270 }; |
| 263 | 271 |
| 264 } // namespace sandbox | 272 } // namespace sandbox |
| 265 | 273 |
| 266 | 274 |
| 267 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ | 275 #endif // SANDBOX_WIN_SRC_SANDBOX_POLICY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1856993003:
Implement sandbox hooks to forward OPM related GDI system calls. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master